DESCRIPTION

perlcritic is a Perl source code analyzer. It is the executable front-end to the Perl::Critic engine, which attempts to identify awkward, hard to read, error-prone, or unconventional constructs in your code. Most of the rules are based on Damian Conway's book Perl Best Practices. However, perlcritic is not limited to enforcing PBP, and it will even support rules that contradict Conway. All rules can easily be configured or disabled to your liking.

This documentation only covers how to drive this command. For all other information, such as API reference and alternative interfaces, please see the documentation for Perl::Critic itself.

USAGE EXAMPLES

Before getting into all the gory details, here are some basic usage examples to help get you started.

ARGUMENTS

The arguments are paths to the files you wish to analyze. You may specify multiple files. If an argument is a directory, perlcritic will analyze all Perl files below the directory. If no arguments are specified, then input is read from STDIN.

OPTIONS

Option names can be abbreviated to uniqueness and can be stated with singe or double dashes, and option values can be separated from the option name by a space or '=' (as with Getopt::Long). Option names are also case-sensitive.

--profile FILE or -p FILE

Directs perlcritic to use a profile named by FILE rather than looking for the default .perlcriticrc file in the current directory or your home directory. See "CONFIGURATION" in Perl::Critic for more information.

--noprofile

Directs perlcritic not to load any configuration file, thus reverting to the default configuration for all Policies.

--severity N

Directs perlcritic to only apply Policies with a severity greater than N. Severity values are integers ranging from 1 (least severe) to 5 (most severe). The default is 5. For a given --profile, decreasing the --severity will usually produce more violations. You can set the default value for this option in your .perlcriticrc file. You can also redefine the severity for any Policy in your .perlcriticrc file. See "CONFIGURATION" for more information.

-5 | -4 | -3 | -2 | -1

These are numeric shortcuts for setting the --severity option. For example, "-4" is equivalent to "--severity 4". If multiple shortcuts are specified, then the most restrictive one wins. If an explicit --severity option is also given, then all shortcut options are silently ignored. NOTE: Be careful not to put one of the number severity shortcut options immediately after the --top flag or perlcritic will interpret it as the number of violations to report.

--severity NAME

If it is difficult for you to remember whether severity "5" is the most or least restrictive level, then you can use one of these named values:

These are named shortcuts for setting the --severity option. For example, "--cruel" is equivalent to "--severity 2". If multiple shortcuts are specified, then the most restrictive one wins. If an explicit --severity option is also given, then all shortcut options are silently ignored.

--theme RULE

Directs perlcritic to apply only Policies with themes that satisfy the RULE. Themes are arbitrary names for groups of related policies. You can combine theme names with boolean operators to create an arbitrarily complex RULE. For example, the following would apply only Policies that have a 'bugs' AND 'pbp' theme:

$> perlcritic --theme='bugs && pbp' MyModule.pm

Unless the --severity option is explicitly given, setting --theme silently causes the --severity to be set to 1. You can set the default value for this option in your .perlcriticrc file. See "POLICY THEMES" in Perl::Critic for more information about themes.

--include PATTERN

Directs perlcritic to apply additional Policies that match the regex /PATTERN/imx. Use this option to temporarily override your profile and/or the severity settings at the command-line. For example:

perlcritic --include=layout my_file.pl

This would cause perlcritic to apply all the CodeLayout::* policies even if they have a severity level that is less than the default level of 5, or have been disabled in your .perlcriticrc file. You can specify multiple --include options and you can use it in conjunction with the --exclude option. Note that --exclude takes precedence over --include when a Policy matches both patterns. You can set the default value for this option in your .perlcriticrc file.

--exclude PATTERN

Directs perlcritic to not apply any Policy that matches the regex /PATTERN/imx. Use this option to temporarily override your profile and/or the severity settings at the command-line. For example:

perlcritic --exclude=strict my_file.pl

This would cause perlcritic to not apply the RequireUseStrict and ProhibitNoStrict Policies even though they have the highest severity level. You can specify multiple --exclude options and you can use it in conjunction with the --include option. Note that --exclude takes precedence over --include when a Policy matches both patterns. You can set the default value for this option in your .perlcriticrc file.

--single-policy PATTERN or -s PATTERN

Directs perlcritic to apply just one Policy module matching the regex /PATTERN/ixms, and exclude all other Policies. This option has precedence over the --severity, --theme, --include, --exclude, and --only options. For example:

perlcritic --single-policy=nowarnings my_file.pl

This would cause perlcritic to apply just the ProhibitNoWarnings Policy, regardless of the severity level setting. No other Policies would be applied.

This is equivalent to what one might intend by...

perlcritic --exclude=. --include=nowarnings my_file.pl

... but this won't work because the --exclude option overrides the --include option.

The equivalent of this option can be accomplished by creating a custom profile containing only the desired policy and then running...

perlcritic --profile=customprofile --only my_file.pl

--top [ N ]

Directs perlcritic to report only the top N Policy violations in each file, ranked by their severity. If N is not specified, it defaults to 20. If the --severity option (or one of the shortcuts) is not explicitly given, the --top option implies that the minimum severity level is "1" (i.e. "brutal"). Users can redefine the severity for any Policy in their .perlcriticrc file. See "CONFIGURATION" for more information. You can set the default value for this option in your .perlcriticrc file. NOTE: Be careful not to put one of the severity shortcut options immediately after the --top flag or perlcritic will interpret it as the number of violations to report.

--force

Directs perlcritic to ignore the magical "## no critic" annotations in the source code. See "BENDING THE RULES" for more information. You can set the default value for this option in your .perlcriticrc file.

--statistics

Causes several statistics about the code being scanned and the violations found to be reported after any other output.

--statistics-only

Like the --statistics option, but suppresses normal output and only shows the statistics.

--verbose N | FORMAT

Sets the verbosity level or format for reporting violations. If given a number (N), perlcritic reports violations using one of the predefined formats described below. If given a string (FORMAT), it is interpreted to be an actual format specification. If the --verbose option is not specified, it defaults to either 4 or 5, depending on whether multiple files were given as arguments to perlcritic. You can set the default value for this option in your .perlcriticrc file.

Formats are a combination of literal and escape characters similar to the way sprintf works. See String::Format for a full explanation of the formatting capabilities. Valid escape characters are:

Escape Meaning
------- ------------------------------------------------------------
%c Column number where the violation occurred
%d Full diagnostic discussion of the violation
%e Explanation of violation or page numbers in PBP
%F Just the name of the file where the violation occurred.
%f Path to the file where the violation occurred.
%l Line number where the violation occurred
%m Brief description of the violation
%P Full name of the Policy module that created the violation
%p Name of the Policy without the Perl::Critic::Policy:: prefix
%r The string of source code that caused the violation
%C The class of the PPI::Element that caused the violation
%s The severity level of the violation

The purpose of these formats is to provide some compatibility with text editors that have an interface for parsing certain kinds of input. See "EDITOR INTEGRATION" for more information about that.

--list

Displays a condensed listing of all the Perl::Critic::Policy modules that are found on this machine. This option lists all Policies, regardless of your .perlcriticrc or command line options. For each Policy, the name, default severity and default themes are shown.

--list-enabled

Displays a condensed listing of all the Perl::Critic::Policy modules that would be enforced, if you were actually going to critique a file with this command. This is useful when you've constructed a complicated command or modified your .perlcriticrc file and you want to see exactly which Policies are going to be enforced (or not enforced, as the case may be). For each Policy, the name, default severity and default themes are shown.

--list-themes

Displays a list of all the themes of the Perl::Critic::Policy modules that are found on this machine.

--profile-proto

Displays an expanded listing of all the Perl::Critic::Policy modules that are found on this machine. For each Policy, the name, default severity and default themes are shown, as well as the name of any additional parameters that the Policy supports. The format is suitable as a prototype for your .perlcriticrc file.

--only

Directs perlcritic to apply only Policies that are explicitly mentioned in your .perlcriticrc file. This is useful if you want to use just a small subset of Policies without having to disable all the others. You can set the default value for this option in your .perlcriticrc file.

--profile-strictness {warn|fatal|quiet}

Directs perlcritic how to treat certain recoverable problems found in a .perlcriticrc or file specified via the --profile option. Valid values are warn (the default), fatal, and quiet. For example, perlcritic normally only warns about profiles referring to non-existent Policies, but this option can make this situation fatal. You can set the default value for this option in your .perlcriticrc file.

--count

-C

Display only the number of violations for each file. Use this feature to get a quick handle on where a large pile of code might need the most attention.

--color

--colour

This option is on when outputting to a tty. When set, Severity 5 and 4 are colored red and yellow, respectively. Colorization only happens if Term::ANSIColor is installed and it only works on non-Windows environments. Negate this switch to disable color. You can set the default value for this option in your .perlcriticrc file.

--pager PAGER_COMMAND_STRING

If set, perlcritic will pipe it's output to the given PAGER_COMMAND_STRING. You can set the default value for this option in your .perlcriticrc file.

Setting a pager turns off color by default. You will have to turn color on explicitly. If you want color, you'll probably also want to tell your pager to display raw characters. For less and more, use the -R switch.

--color-severity-highest COLOR_SPECIFICATION

Specifies the color to be used for highest severity violations, as a Term::ANSIColor color specification. Can also be specified as --colour- severity-highest, --color-severity-5, or --colour-severity-5.

--color-severity-high COLOR_SPECIFICATION

Specifies the color to be used for high severity violations, as a Term::ANSIColor color specification. Can also be specified as --colour- severity-high, --color-severity-4, or --colour-severity-4.

--color-severity-medium COLOR_SPECIFICATION

Specifies the color to be used for medium severity violations, as a Term::ANSIColor color specification. Can also be specified as --colour- severity-medium, --color-severity-3, or --colour-severity-3.

--color-severity-low COLOR_SPECIFICATION

Specifies the color to be used for low severity violations, as a Term::ANSIColor color specification. Can also be specified as --colour- severity-low, --color-severity-2, or --colour-severity-2.

--color-severity-lowest COLOR_SPECIFICATION

Specifies the color to be used for lowest severity violations, as a Term::ANSIColor color specification. Can also be specified as --colour- severity-lowest, --color-severity-1, or --colour-severity-1.

--files-with-violations

Display only the names of files with violations. Use this feature with --single-policy to find files that contain violations of a given policy. Can also be specified as --l.

--files-without-violations

Display only the names of files without violations. Use this feature with --single-policy to find files that do not contain violations of a given policy. Can also be specified as --L.

--program-extensions file_name_extension

Tell perlcritic to treat files whose names end in the given file name extension as programs, not as modules. If a leading '.' is desired it must be explicitly specified, e.g.

--program-extensions .pl

The matching is case-sensitive, and the option may be specified as many times as desired, e.g.

--program-extensions .pl --program-extensions .cgi

The above can also be done by quoting the file name extensions:

--program-extensions '.pl .cgi'

Files whose name ends in '.PL' will always be considered programs.

--doc PATTERN

Displays the perldoc for all Perl::Critic::Policy modules that match m/PATTERN/ixms. Since Policy modules tend to have rather long names, this just provides a more convenient way to say something like: "perldoc Perl::Critic::Policy::ValuesAndExpressions::RequireUpperCaseH eredocTerminator" at the command prompt.

--allow-unsafe

This option directs perlcritic to allow the use of Policies that have been marked as "unsafe". Unsafe Policies may result in risky operations by compiling and executing the code they analyze. All the Policies that ship in the core Perl::Critic distribution are safe. However, third- party Policies, such as those in the Perl::Critic::Dynamic distribution are not safe. Note that "safety" is honorary -- if a Policy author marks a Policy as safe, it is not a guarantee that it won't do nasty things. If you don't trust your Policies and the code you are analyzing, then do not use this switch.

--quiet

Suppress the "source OK" message when no violations are found.

--help

-?

-H

Displays a brief summary of options and exits.

--options

Displays the descriptions of the options and exits. While this output is long, it it nowhere near the length of the output of --man.

--man

Displays the complete perlcritic manual and exits.

--version

-V

Displays the version number of perlcritic and exits.

CONFIGURATION

Most of the settings for Perl::Critic and each of the Policy modules can be controlled by a configuration file. The default configuration file is called .perlcriticrc. perlcritic will look for this file in the current directory first, and then in your home directory. Alternatively, you can set the PERLCRITIC environment variable to explicitly point to a different file in another location. If none of these files exist, and the --profile option is not given on the command-line, then all Policies will be loaded with their default configuration.

The format of the configuration file is a series of INI-style blocks that contain key-value pairs separated by "=". Comments should start with "#" and can be placed on a separate line or after the name-value pairs if you desire.

Default settings for perlcritic itself can be set before the first named block. For example, putting any or all of these at the top of your .perlcriticrc file will set the default value for the corresponding command-line argument.

Perl::Critic::Policy::Category::PolicyName is the full name of a module that implements the policy. The Policy modules distributed with Perl::Critic have been grouped into categories according to the table of contents in Damian Conway's book Perl Best Practices. For brevity, you can omit the 'Perl::Critic::Policy' part of the module name.

severity is the level of importance you wish to assign to the Policy. All Policy modules are defined with a default severity value ranging from 1 (least severe) to 5 (most severe). However, you may disagree with the default severity and choose to give it a higher or lower severity, based on your own coding philosophy. You can set the severity to an integer from 1 to 5, or use one of the equivalent names:

set_themes sets the theme for the Policy and overrides its default theme. The argument is a string of one or more whitespace-delimited alphanumeric words. Themes are case-insensitive. See "POLICY THEMES" for more information.

add_themes appends to the default themes for this Policy. The argument is a string of one or more whitespace-delimited words. Themes are case- insensitive. See "POLICY THEMES" for more information.

The remaining key-value pairs are configuration parameters that will be passed into the constructor of that Policy. The constructors for most Policy modules do not support arguments, and those that do should have reasonable defaults. See the documentation on the appropriate Policy module for more details.

Instead of redefining the severity for a given Policy, you can completely disable a Policy by prepending a '-' to the name of the module in your configuration file. In this manner, the Policy will never be loaded, regardless of the --severity given on the command line.

A simple configuration might look like this:

#--------------------------------------------------------------
# I think these are really important, so always load them
[TestingAndDebugging::RequireUseStrict]
severity = 5
[TestingAndDebugging::RequireUseWarnings]
severity = 5
#--------------------------------------------------------------
# I think these are less important, so only load when asked
[Variables::ProhibitPackageVars]
severity = 2
[ControlStructures::ProhibitPostfixControls]
allow = if unless # My custom configuration
severity = cruel # Same as "severity = 2"
#--------------------------------------------------------------
# Give these policies a custom theme. I can activate just
# these policies by saying "perlcritic --theme 'larry || curly'"
[Modules::RequireFilenameMatchesPackage]
add_themes = larry
[TestingAndDebugging::RequireTestLabels]
add_themes = curly moe
#--------------------------------------------------------------
# I do not agree with these at all, so never load them
[-NamingConventions::Capitalization]
[-ValuesAndExpressions::ProhibitMagicNumbers]
#--------------------------------------------------------------
# For all other Policies, I accept the default severity,
# so no additional configuration is required for them.

Note that all policies included with the Perl::Critic distribution that have integer parameters accept underscores ("_") in their values, as with Perl numeric literals. For example,

[ValuesAndExpressions::RequireNumberSeparators]
min_value = 1_000

For additional configuration examples, see the perlcriticrc file that is included in this examples directory of this distribution.

Damian Conway's own Perl::Critic configuration is also included in this distribution as examples/perlcriticrc-conway.

THE POLICIES

A large number of Policy modules are distributed with Perl::Critic. They are described briefly in the companion document Perl::Critic::PolicySummary and in more detail in the individual modules themselves. Say "perlcritic --doc PATTERN" to see the perldoc for all Policy modules that match the regex m/PATTERN/ixms

There are a number of distributions of additional policies on CPAN. If Perl::Critic doesn't contain a policy that you want, some one may have already written it. See "SEE ALSO" in Perl::Critic for a list of some of these distributions.

POLICY THEMES

Each Policy is defined with one or more "themes". Themes can be used to create arbitrary groups of Policies. They are intended to provide an alternative mechanism for selecting your preferred set of Policies. For example, you may wish disable a certain set of Policies when analyzing test programs. Conversely, you may wish to enable only a specific subset of Policies when analyzing modules.

The Policies that ship with Perl::Critic are have been divided into the following themes. This is just our attempt to provide some basic logical groupings. You are free to invent new themes that suit your needs.

THEME DESCRIPTION
------------------------------------------------------------------------
core All policies that ship with Perl::Critic
pbp Policies that come directly from "Perl Best Practices"
bugs Policies that that prevent or reveal bugs
certrec Policies that CERT recommends
certrule Policies that CERT considers rules
maintenance Policies that affect the long-term health of the code
cosmetic Policies that only have a superficial effect
complexity Policies that specificaly relate to code complexity
security Policies that relate to security issues
tests Policies that are specific to test programs

Say "perlcritic --list" to get a listing of all available policies and the themes that are associated with each one. You can also change the theme for any Policy in your .perlcriticrc file. See the "CONFIGURATION" section for more information about that.

Using the --theme command-line option, you can create an arbitrarily complex rule that determines which Policies to apply. Precedence is the same as regular Perl code, and you can use parentheses to enforce precedence as well. Supported operators are:

Theme names are case-insensitive. If the --theme is set to an empty string, then it evaluates as true all Policies.

BENDING THE RULES

Perl::Critic takes a hard-line approach to your code: either you comply or you don't. In the real world, it is not always practical (or even possible) to fully comply with coding standards. In such cases, it is wise to show that you are knowingly violating the standards and that you have a Damn Good Reason (DGR) for doing so.

To help with those situations, you can direct Perl::Critic to ignore certain lines or blocks of code by using annotations:

The "## no critic" annotations direct Perl::Critic to ignore the remaining lines of code until a "## use critic" annotation is found. If the "## no critic" annotation is on the same line as a code statement, then only that line of code is overlooked. To direct perlcritic to ignore the "## no critic" annotations, use the --force option.

A bare "## no critic" annotation disables all the active Policies. If you wish to disable only specific Policies, add a list of Policy names as arguments just as you would for the "no strict" or "no warnings" pragma. For example, this would disable the ProhibitEmptyQuotes and ProhibitPostfixControls policies until the end of the block or until the next "## use critic" annotation (whichever comes first):

The argument list must be enclosed in parentheses and must contain one or more comma-separated barewords (i.e. don't use quotes). The "## no critic" annotations can be nested, and Policies named by an inner annotation will be disabled along with those already disabled an outer annotation.

Some Policies like Subroutines::ProhibitExcessComplexity apply to an entire block of code. In those cases, "## no critic" must appear on the line where the violation is reported. For example:

Some Policies like Documentation::RequirePodSections apply to the entire document, in which case violations are reported at line 1. But if the file requires a shebang line, it is impossible to put "## no critic" on the first line of the file. This is a known limitation and it will be addressed in a future release. As a workaround, you can disable the affected policies at the command-line or in your .perlcriticrc file. But beware that this will affect the analysis of all files.

Use this feature wisely. "## no critic" should be used in the smallest possible scope, or only on individual lines of code. And you should always be as specific as possible about which policies you want to disable (i.e. never use a bare "## no critic"). If Perl::Critic complains about your code, try and find a compliant solution before resorting to this feature.

EDITOR INTEGRATION

For ease-of-use, perlcritic can be integrated with your favorite text editor. The output-formatting capabilities of perlcritic are specifically intended for use with the "grep" or "compile" modes available in editors like emacs and vim. In these modes, you can run an arbitrary command and the editor will parse the output into an interactive buffer that you can click on and jump to the relevant line of code.

The Perl::Critic team thanks everyone who has helped integrate Perl-Critic with their favorite editor. Your contributions in particular have made Perl- Critic a convenient and user-friendly tool for Perl developers of all stripes. We sincerely appreciate your hard work.

EMACS

Joshua ben Jore has authored a minor-mode for emacs that allows you to run perlcritic on the current region or buffer. You can run it on demand, or configure it to run automatically when you save the buffer. The output appears in a hot-linked compiler buffer. The code and installation instructions can be found in the extras directory inside this distribution.

VIM

gVIM

Fritz Mehner recently added support for perlcritic to his fantastic gVIM plugin. In addition to providing a very Perlish IDE, Fritz's plugin enables one-click access to perlcritic and many other very useful utilities. And all is seamlessly integrated into the editor. See http://lug.fh-swf.de/vim/vim-perl/screenshots-en.html for complete details.

EPIC

EPIC is an open source Perl IDE based on the Eclipse platform. Features include syntax highlighting, on-the-fly syntax check, content assist, code completion, perldoc support, source formatting with Perl::Tidy, code templates, a regular expression editing tool, and integration with the Perl debugger. Recent versions of EPIC also have built-in support for Perl::Critic. At least one Perl::Critic contributor swears by EPIC. Go to http://e-p-i-c.sourceforge.net for more information about EPIC.

Komodo

Komodo is a proprietary IDE for Perl and several other dynamic languages. Starting in version 5.1.1, Komodo has built-in support for Perl-Critic, if you have the Perl::Critic and criticism modules installed. Free trial copies of Komodo can be obtained from the ActiveState website at http://www.activestate.com.

ActivePerl

ActivePerl includes a very slick graphical interface for configuring and running Perl-Critic called perlcritic-gui. A free community edition of ActivePerl can be obtained from the ActiveState website at http://www.activestate.com.

EXIT STATUS

If perlcritic has any errors itself, exits with status == 1. If there are no errors, but perlcritic finds Policy violations in your source code, exits with status == 2. If there were no errors and no violations were found, exits with status == 0.

Coding standards are deeply personal and highly subjective. The goal of Perl::Critic is to help you write code that conforms with a set of best practices. Our primary goal is not to dictate what those practices are, but rather, to implement the practices discovered by others. Ultimately, you make the rules -- Perl::Critic is merely a tool for encouraging consistency. If there is a policy that you think is important or that we have overlooked, we would be very grateful for contributions, or you can simply load your own private set of policies into Perl::Critic.

EXTENDING THE CRITIC

The modular design of Perl::Critic is intended to facilitate the addition of new Policies. You'll need to have some understanding of PPI, but most Policy modules are pretty straightforward and only require about 20 lines of code. Please see the Perl::Critic::DEVELOPER file included in this distribution for a step-by-step demonstration of how to create new Policy modules.

If you develop any new Policy modules, feel free to send them to <team@perlcritic.com> and I'll be happy to consider putting them into the Perl::Critic distribution. Or if you would like to work on the Perl::Critic project directly, you can fork our repository at https://github.com/Perl-Critic/Perl-Critic.git.

The Perl::Critic team is also available for hire. If your organization has its own coding standards, we can create custom Policies to enforce your local guidelines. Or if your code base is prone to a particular defect pattern, we can design Policies that will help you catch those costly defects before they go into production. To discuss your needs with the Perl::Critic team, just contact <team@perlcritic.com>.